Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.2
CVE Id CVE-2011-4330
Last Modified 16 Apr 2012 12:00:00
Published 27 Jan 2012 10:55:04
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2011-4330

Summary

Stack-based buffer overflow in the hfs_mac2asc function in fs/hfs/trans.c in the Linux kernel 2.6 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via an HFS image with a crafted len field.

Vulnerable Systems

Operating System

  • Linux Kernel 2.6


References

MLIST - [linux-kernel] 20111109 [BUG][SECURITY] Kernel stack overflow in hfs_mac2asc()

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=755431

BID - 50750

MLIST - [oss-security] 20111121 kernel: hfs: add sanity check for file name length

MLIST - [oss-security] 20111121 Re: kernel: hfs: add sanity check for file name length

CONFIRM - http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=bc5b8a9003132ae44559edd63a1623

Related Patches

Red Hat 2012:0007-01 RHSA Important: kernel security, bug fix, and enhancement update for RHEL 5 x86

Red Hat 2012:0007-01 RHSA Important: kernel security, bug fix, and enhancement update for RHEL 5 x86_64

Novell SUSE 2011:5509 kmps-201112 recommended update for SLES 11 SP1 i586

Novell SUSE 2011:5509 kmps-201112 recommended update for SLES 11 SP1 x86_64

Novell SUSE 2011:5510 kernel security update for SLE 11 SP1 i586

Novell SUSE 2011:5511 kernel security update for SLE 11 SP1 x86_64

Novell SUSE 2012:8161 kernel security update for SLE 10 SP4 x86_64

Novell SUSE 2012:8162 kernel security update for SLE 10 SP4 i586


Last Updated: 27 May 2016 10:58:07